diff options
author | Steve Sakoman <steve@sakoman.com> | 2023-05-09 04:10:34 -1000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-05-10 10:53:11 -1000 |
commit | 151149b590a9051a6de58115a6796ccf17894498 (patch) | |
tree | a33798ed6c99677df81f414210e45a8efcd36d7a | |
parent | 7991fb7aa30cf56105ebbe060195f16aa1c9b6da (diff) | |
download | openembedded-core-151149b590a9051a6de58115a6796ccf17894498.tar.gz |
Revert "xserver-xorg: backport fix for CVE-2023-1393"
This reverts commit dc2c777cab0230fc54e078d20d872aaa9287a8b9.
Fixed in subsequent version bump
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch | 46 | ||||
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb | 3 |
2 files changed, 1 insertions, 48 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch deleted file mode 100644 index fc426daba5..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001 -From: Olivier Fourdan <ofourdan@redhat.com> -Date: Mon, 13 Mar 2023 11:08:47 +0100 -Subject: [PATCH] composite: Fix use-after-free of the COW - -ZDI-CAN-19866/CVE-2023-1393 - -If a client explicitly destroys the compositor overlay window (aka COW), -we would leave a dangling pointer to that window in the CompScreen -structure, which will trigger a use-after-free later. - -Make sure to clear the CompScreen pointer to the COW when the latter gets -destroyed explicitly by the client. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> -Reviewed-by: Adam Jackson <ajax@redhat.com> - -CVE: CVE-2023-1393 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - composite/compwindow.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/composite/compwindow.c b/composite/compwindow.c -index 4e2494b86..b30da589e 100644 ---- a/composite/compwindow.c -+++ b/composite/compwindow.c -@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) - ret = (*pScreen->DestroyWindow) (pWin); - cs->DestroyWindow = pScreen->DestroyWindow; - pScreen->DestroyWindow = compDestroyWindow; -+ -+ /* Did we just destroy the overlay window? */ -+ if (pWin == cs->pOverlayWin) -+ cs->pOverlayWin = NULL; -+ - /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ - return ret; - } --- -2.34.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb index f0771cc86e..212c7d39c2 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb @@ -1,8 +1,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ - file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ - file://0001-composite-Fix-use-after-free-of-the-COW.patch \ + file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb" |